Doctors’ Management Services (DMS) was struck with GandCrab ransomware on Christmas Eve last year, possibly exposing the PII of its clients’ patients.
Timothy DiBona, CEO of the Massachusetts-based medical billing and services firm, said in a statement that the attack was first noticed on Dec. 24, 2018 when DMS’s files became encrypted with what was determined to be GandCrab ransomware. An investigation indicated that the initial foray into DMS’s system began on April 1, 2017, when entry was made through a Remote Desktop Protocol attack on an individual endpoint. However, no malicious activity was detected until the file encryption began.
The company was presented with a ransom note, but DMS refused to pay and instead rebuilt its files from backups, DiBona said.
The information contained in the affected files included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, insurance and Medicare/Medicaid information and numbers, and medical information, including some sensitive diagnostic information of patients belonging to the company’s medical practice clients.
DiBona said the company does not believe any of the information has been accessed yet, and that all the medical providers that were affected have been notified.
“Since discovering the breach, we have changed our network security system to limit access to our systems from outside of our network and to improve our network security. DMS, in conjunction with outside information security experts, is working to help prevent similar occurrences in the future,” DiBona wrote.
The following is a list of the medical practices whose patient data was involved in the breach:
- Anjum Baqai Associates
- Arcangel Neurological Consultants
- AT Care PLLC
- AUM Healing Center
- Bell Mental Health Associates
- Beverly Surgical Associates
- Bhealthy Primary Care
- First Choice Community Medical Services
- Holy Family Medical Specialty
- Lowell General Inpatient Specialists
- NE Pulmonary & Sleep
- New England Inpatient Specialists
- New England Pulmonary & Sleep Specialists
- Today's Wellness PLLC
- Incare LLC
- Pricipes Medical Group
- Joseph Schwartz PLLC
- Neuro Institutue of New England
- New England Reconstructive & Aesthetic
- Northwoods Surgical, PLLC
- Pathways Healthcare LLC
- Peaceful Soul
- Personalized Medicine
- Pinnacle Medical Group
- Post Acute Cardiology
- Precision Surgical Specialists of Lowell
- Premiere Care
- Saxony Primary Care PLLC
- Sports Medicine Health LLC
- Surgical Group of Norwood
- The Wholeness Center
- Theresa M Smith Practice
- Thompson Medical Associates
- WLB Rehabilitation Medicine
- Heywood Athol Inpatient Specialists PLLC
- Winchester Hospital Inpatient Specialists
- Dutch Connection LLC
- New England Community Medical Services